blob: b711ba6741f8c246ecb981166b72c9e5c75f3868 [file] [log] [blame]
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
* Copyright (c) 2013-2024 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
* ndn-cxx library is free software: you can redistribute it and/or modify it under the
* terms of the GNU Lesser General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later version.
*
* ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
*
* You should have received copies of the GNU General Public License and GNU Lesser
* General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
* <http://www.gnu.org/licenses/>.
*
* See AUTHORS.md for complete list of ndn-cxx authors and contributors.
*/
#include "ndn-cxx/security/trust-anchor-container.hpp"
#include "tests/boost-test.hpp"
#include "tests/key-chain-fixture.hpp"
#include "tests/unit/clock-fixture.hpp"
namespace ndn::tests {
using namespace ndn::security;
// This fixture creates a directory and prepares two certificates.
// cert1 is written to a file under the directory, while cert2 is not.
class TrustAnchorContainerFixture : public ClockFixture, public KeyChainFixture
{
public:
TrustAnchorContainerFixture()
{
std::filesystem::create_directories(certDirPath);
identity1 = m_keyChain.createIdentity("/TestAnchorContainer/First");
cert1 = identity1.getDefaultKey().getDefaultCertificate();
saveCert(cert1, certPath1);
identity2 = m_keyChain.createIdentity("/TestAnchorContainer/Second");
cert2 = identity2.getDefaultKey().getDefaultCertificate();
saveCert(cert2, certPath2);
}
~TrustAnchorContainerFixture() override
{
std::filesystem::remove_all(certDirPath);
}
void
checkFindByInterest(const Name& name, bool canBePrefix,
const std::optional<Certificate>& expected) const
{
Interest interest(name);
interest.setCanBePrefix(canBePrefix);
BOOST_TEST_INFO_SCOPE("Interest = " << interest);
auto found = anchorContainer.find(interest);
if (expected) {
BOOST_REQUIRE(found != nullptr);
BOOST_CHECK_EQUAL(found->getName(), expected->getName());
}
else {
BOOST_CHECK(found == nullptr);
}
}
public:
const std::filesystem::path certDirPath{std::filesystem::path(UNIT_TESTS_TMPDIR) / "test-cert-dir"};
const std::filesystem::path certPath1{certDirPath / "trust-anchor-1.cert"};
const std::filesystem::path certPath2{certDirPath / "trust-anchor-2.cert"};
TrustAnchorContainer anchorContainer;
Identity identity1;
Identity identity2;
Certificate cert1;
Certificate cert2;
};
BOOST_AUTO_TEST_SUITE(Security)
BOOST_FIXTURE_TEST_SUITE(TestTrustAnchorContainer, TrustAnchorContainerFixture)
// one static group and one dynamic group created from file
BOOST_AUTO_TEST_CASE(Insert)
{
// Static
anchorContainer.insert("group1", Certificate(cert1));
BOOST_CHECK(anchorContainer.find(cert1.getName()) != nullptr);
BOOST_CHECK(anchorContainer.find(identity1.getName()) != nullptr);
const Certificate* cert = anchorContainer.find(cert1.getName());
BOOST_CHECK_NO_THROW(anchorContainer.insert("group1", Certificate(cert1)));
BOOST_CHECK_EQUAL(cert, anchorContainer.find(cert1.getName())); // still the same instance of the certificate
// cannot add dynamic group when static already exists
BOOST_CHECK_THROW(anchorContainer.insert("group1", certPath1, 1_s), TrustAnchorContainer::Error);
BOOST_CHECK_EQUAL(anchorContainer.getGroup("group1").size(), 1);
BOOST_CHECK_EQUAL(anchorContainer.size(), 1);
// From file
anchorContainer.insert("group2", certPath2, 1_s);
BOOST_CHECK(anchorContainer.find(cert2.getName()) != nullptr);
BOOST_CHECK(anchorContainer.find(identity2.getName()) != nullptr);
BOOST_CHECK_THROW(anchorContainer.insert("group2", Certificate(cert2)), TrustAnchorContainer::Error);
BOOST_CHECK_THROW(anchorContainer.insert("group2", certPath2, 1_s), TrustAnchorContainer::Error);
BOOST_CHECK_EQUAL(anchorContainer.getGroup("group2").size(), 1);
BOOST_CHECK_EQUAL(anchorContainer.size(), 2);
std::filesystem::remove(certPath2);
advanceClocks(1_s, 11);
BOOST_CHECK(anchorContainer.find(identity2.getName()) == nullptr);
BOOST_CHECK(anchorContainer.find(cert2.getName()) == nullptr);
BOOST_CHECK_EQUAL(anchorContainer.getGroup("group2").size(), 0);
BOOST_CHECK_EQUAL(anchorContainer.size(), 1);
TrustAnchorGroup& group = anchorContainer.getGroup("group1");
auto staticGroup = dynamic_cast<StaticTrustAnchorGroup*>(&group);
BOOST_REQUIRE(staticGroup != nullptr);
BOOST_CHECK_EQUAL(staticGroup->size(), 1);
staticGroup->remove(cert1.getName());
BOOST_CHECK_EQUAL(staticGroup->size(), 0);
BOOST_CHECK_EQUAL(anchorContainer.size(), 0);
BOOST_CHECK_THROW(anchorContainer.getGroup("non-existing-group"), TrustAnchorContainer::Error);
}
BOOST_AUTO_TEST_CASE(DynamicAnchorFromDir)
{
std::filesystem::remove(certPath2);
anchorContainer.insert("group", certDirPath, 1_s, /*isDir*/ true);
BOOST_CHECK(anchorContainer.find(identity1.getName()) != nullptr);
BOOST_CHECK(anchorContainer.find(identity2.getName()) == nullptr);
BOOST_CHECK_EQUAL(anchorContainer.getGroup("group").size(), 1);
saveCert(cert2, certPath2);
advanceClocks(100_ms, 11);
BOOST_CHECK(anchorContainer.find(identity1.getName()) != nullptr);
BOOST_CHECK(anchorContainer.find(identity2.getName()) != nullptr);
BOOST_CHECK_EQUAL(anchorContainer.getGroup("group").size(), 2);
std::filesystem::remove_all(certDirPath);
advanceClocks(100_ms, 11);
BOOST_CHECK(anchorContainer.find(identity1.getName()) == nullptr);
BOOST_CHECK(anchorContainer.find(identity2.getName()) == nullptr);
BOOST_CHECK_EQUAL(anchorContainer.getGroup("group").size(), 0);
}
BOOST_AUTO_TEST_CASE(FindByInterest)
{
anchorContainer.insert("group1", certPath1, 1_s);
checkFindByInterest(identity1.getName(), true, cert1);
checkFindByInterest(identity1.getName().getPrefix(-1), true, cert1);
checkFindByInterest(cert1.getKeyName(), true, cert1);
checkFindByInterest(cert1.getName(), false, cert1);
checkFindByInterest(Name(identity1.getName()).appendVersion(), true, std::nullopt);
auto makeIdentity1Cert = [=] (const std::string& issuerId) {
auto key = identity1.getDefaultKey();
MakeCertificateOptions opts;
opts.issuerId = name::Component::fromUri(issuerId);
return m_keyChain.makeCertificate(key, signingByKey(key), opts);
};
auto cert3 = makeIdentity1Cert("3");
auto cert4 = makeIdentity1Cert("4");
auto cert5 = makeIdentity1Cert("5");
Certificate cert3Copy = cert3;
anchorContainer.insert("group2", std::move(cert3Copy));
anchorContainer.insert("group3", std::move(cert4));
anchorContainer.insert("group4", std::move(cert5));
checkFindByInterest(cert3.getKeyName(), true, cert3);
checkFindByInterest(cert3.getName(), false, cert3);
}
BOOST_AUTO_TEST_SUITE_END() // TestTrustAnchorContainer
BOOST_AUTO_TEST_SUITE_END() // Security
} // namespace ndn::tests